This threat scan summary is an example to display how these findings would be reported when using the Office 365 Threat Analysis Service offered by Altinet for yourself.
Office 365 Threat Analysis Service | Example Report
1. This threat scan summary is an
example to display how these findings
would be reported when using the
Office 365 Threat Analysis Service.
2. • Scanned mailboxes with Barracuda Sentinel’s AI engine
• Detected 1,348 attacks sitting in employee mailboxes
• Detected broad range of attacks:
• Executives being impersonated
• Targeted phishing (Microsoft, Fedex, Dropbox…)
• Employee impersonation
• Blackmail attempts
Overview
3. • Unlike spam or mass phishing, a single successful spear phishing attack can
cost a company millions
• MacEwan University wires $11.8M to hackers
• Ubiquity handed fraudsters $40M
• ********* is a trusted organisation, scammers will pursue
• Money
• Personal information about employees
• Account takeover to gain access to business data
The Impact of Targeted Attacks
5. • Sender email is *************
• Not visible in many email clients
• Free mail domains have high reputation
• The conversation will lead to a request for wire transfer
• Urgency used to increase the likelihood of compliance
• Attackers will get on the phone to “confirm” in some cases
• FBI reports $5B in losses from wire fraud
… is actually an attempt to commit wire fraud
6. Email from “Microsoft” leads to account takeover
Sender address and links do not really belong to
Microsoft
• Link: https://ms1u2632bcms8qzhmqv3f4.z6.web.core.windows.net/…
10. • 96% of our customers’ domains are used extensively for phishing and
spam campaigns
• Attackers are leveraging ************’s reputation and the trust 3rd
parties have in its communications
• Likely using spoofed emails, maybe compromised accounts
• DMARC + targeted attack protection will mitigate
• US Dept. of Homeland Security mandates DMARC for federal agencies
organizations
Domain fraud is prevalent